Explore the intricacies of Web Application Firewall (WAF) detection logic in this 40-minute Black Hat conference talk. Delve into the core mechanism of most WAFs: regular-expression-based detection. Analyze the security of six popular open-source WAFs, including OWASP CRS 2 and 3 (for ModSecurity), Comodo WAF, PHPIDS, QuickDefense, and libinjection. Discover a new Static Application Security Testing (SAST) tool designed to uncover security flaws in regular-expression syntax. Learn how to apply a "regex security cheatsheet" to examine rules from popular WAFs and identify logical flaws (for example, case-sensitive patterns, anchors that pin a match to a single line, and wildcards that cannot cross a newline). Uncover unexpected attack vectors for Cross-Site Scripting and SQL injection (MySQL, MSSQL, Oracle) using advanced fuzz-testing techniques. Gain insights into clustering attack vectors and representing them as look-up tables, useful for both attackers and defenders. Explore over 15 new bypass vectors and understand the potential weaknesses in WAF detection logic, with evidence pointing to more than 300 possible further bypasses.
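The two ideas the talk combines, a static "cheatsheet" review of a regex rule and a fuzzer that mutates a known-bad payload to find inputs the rule misses, can be shown on a toy scale. The following is an added example written for this page, not the speaker's tool or any rule quoted from the WAFs named above: the rules, payloads and mutators are constructed, and the lint checks are deliberately crude approximations of the kind of review the cheatsheet describes.

```python
import re
from typing import Callable, List

# Constructed, deliberately flawed rules in the style of regex-based WAF
# signatures. They are illustrative only, not rules from any real WAF.
FLAWED_RULES = {
    # flaw 1: case-sensitive; flaw 2: '.' does not cross a newline without re.S
    "xss_script": re.compile(r"<script>.*</script>"),
    # flaw 3: '^...$' plus '.*' pins the match to the first line of the input
    "sqli_union": re.compile(r"^.*union\s+select.*$"),
}

# The same intent with the cheatsheet fixes applied: case-insensitive,
# unanchored, and no '.' that would have to span a newline.
HARDENED_RULES = {
    "xss_script": re.compile(r"<script\b", re.I),
    "sqli_union": re.compile(r"\bunion\s+select\b", re.I),
}

# Constructed payloads that both rule sets are meant to block.
XSS_PAYLOAD = "<script>alert(1)</script>"
SQLI_PAYLOAD = "1 union select 1"

# Conservative mutators: each rewrite is one a browser's HTML parser or a SQL
# parser treats as equivalent to the original (tag/keyword case, whitespace).
MUTATORS: List[Callable[[str], str]] = [
    lambda p: p,                                                        # unchanged control
    lambda p: re.sub(r"</?script>", lambda m: m.group(0).upper(), p),   # tag case
    lambda p: re.sub(r"\b(union|select)\b", lambda m: m.group(0).upper(), p),  # keyword case
    lambda p: re.sub(r">", ">\n", p, count=1),                          # newline after first tag
    lambda p: p.replace(" ", "\n"),                                     # newline as separator
    lambda p: p.replace(" ", "\t"),                                     # tab as separator
    lambda p: "\n" + p,                                                 # leading newline
    lambda p: p + "\n",                                                 # trailing newline
]


def find_bypasses(rule: "re.Pattern[str]", payload: str) -> List[str]:
    """Return the mutated payloads (in mutator order, de-duplicated) that the
    rule fails to match. The unmutated payload must match or the rule is simply
    broken rather than bypassable."""
    assert rule.search(payload), "rule does not match the base payload"
    variants = dict.fromkeys(m(payload) for m in MUTATORS)
    return [v for v in variants if not rule.search(v)]


def lint_rule(rule: "re.Pattern[str]") -> List[str]:
    """Static checks in the spirit of a regex security cheatsheet (an added
    approximation, not the talk's SAST tool). Returns human-readable findings.
    The '.' check is crude: it also fires on an escaped '\\.'."""
    findings = []
    if not rule.flags & re.IGNORECASE:
        findings.append("case-sensitive: compiled without re.I")
    if "." in rule.pattern and not rule.flags & re.DOTALL:
        findings.append("'.' used without re.S: cannot cross a newline")
    if rule.pattern.startswith("^") or rule.pattern.endswith("$"):
        findings.append("anchored: '^'/'$' pin the match to one line without re.M")
    return findings


if __name__ == "__main__":
    for name, payload in (("xss_script", XSS_PAYLOAD), ("sqli_union", SQLI_PAYLOAD)):
        for label, rules in (("flawed", FLAWED_RULES), ("hardened", HARDENED_RULES)):
            rule = rules[name]
            print(f"{label} {name}: lint={lint_rule(rule)}")
            for b in find_bypasses(rule, payload):
                print(f"  bypass: {b!r}")
```

Run as a script, the flawed XSS rule is bypassed by the upper-cased tags and by a newline after `<script>`, and the flawed SQL rule by upper-cased keywords and by any newline the `^.*` prefix cannot cross; the hardened rules block every variant, and `lint_rule` flags the flawed patterns before any fuzzing is run. The mutator list is the part a practitioner would grow: the talk's point is that the space of parser-equivalent rewrites (comments, encodings, dialect-specific whitespace) is far larger than a signature author expects.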